<?php

//read users
function read($conn, $table) {

  $sql =  '';
  //create query
  $sql .= 'SELECT ';
  $sql .= 'id, ';
  $sql .= 'rol, ';
  $sql .= 'name, ';
  $sql .= 'password, ';
  $sql .= 'softDelete, ';
  $sql .= 'createdAt ';
  $sql .= "FROM $table ";
  $sql .= 'ORDER BY ';
  $sql .= 'createdAt DESC';

  //prepare statement
  $smtm = $conn->prepare($sql);

  $smtm->execute();

  return $smtm;
}

//create user
function create($db, $table, $params) {
  $query = '';
  //create query
  $query .= 'INSERT INTO ';
  $query .= "{$table} ";
  $query .= 'SET ';
  $query .= 'rol = :rol, ';
  $query .= 'name = :name, ';
  $query .= 'password = :password ';
  //prepare statement
  $stmt = $db->prepare($query);
  //clean data
  $params['rol'] = htmlspecialchars(strip_tags($params['rol']));
  $params['name'] = htmlspecialchars(strip_tags($params['name']));
  $params['password'] = htmlspecialchars(strip_tags($params['password']));

  $security_database_password = password_hash($params['password'], PASSWORD_DEFAULT);

  //binding of parameters
  $stmt->bindParam(':rol', $params['rol']);
  $stmt->bindParam(':name', $params['name']);
  $stmt->bindParam(':password', $security_database_password);

  //execute the query
  if ($stmt->execute()) {
    return true;
  }

  //print error if something goes wrong
  printf("Error smtm %s. \n", $stmt->error);
  return false;
}

//read single user
function read_single($db, $table, $params) {
  $query =  '';
  //create query
  $query .= 'SELECT ';
  $query .= 'id, ';
  $query .= 'rol, ';
  $query .= 'name, ';
  $query .= 'password, ';
  $query .= 'softDelete, ';
  $query .= 'createdAt ';
  $query .= "FROM {$table} ";
  $query .= 'WHERE id = ? ';

  //prepare statement
  $stmt = $db->prepare($query);
  //binding param
  $stmt->bindParam(1, $param['id']);
  //execute query
  if ($stmt->execute()) {

    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $param['id'] = $row['id'];
    $param['rol'] = $row['rol'];
    $param['name'] = $row['name'];
    $param['password'] = $row['password'];
    $param['softDelete'] = $row['softDelete'];
    $param['createdAt'] = $row['createdAt'];

    return $stmt;
  }

  //print error if something goes wrong
  printf("Error smtm %s. \n", $stmt->error);
  return false;
}

//update users
function update($db, $table, $params) {
  $query = '';
  //update query
  $query .= 'UPDATE ';
  $query .= "$table ";
  $query .= 'SET ';
  $query .= 'rol = :rol, ';
  $query .= 'name = :name ';
  $query .= 'WHERE id = :id ';
  //prepare statement
  $stmt = $db->prepare($query);
  //clean data
  $param['rol'] = htmlspecialchars(strip_tags($param['rol']));
  $param['name'] = htmlspecialchars(strip_tags($param['name']));
  $param['id'] = htmlspecialchars(strip_tags($param['id']));
  //binding of parameters
  $stmt->bindParam(':id', $param['id']);
  $stmt->bindParam(':rol', $param['rol']);
  $stmt->bindParam(':name', $param['name']);
  //execute the query
  if ($stmt->execute()) {
    return $param;
  }

  //print error if something goes wrong
  printf("Error smtm %s. \n", $stmt->error);
  return false;
}

//update password user
function update_password($db, $table, $params) {
  $query = '';
  //update query
  $query .= 'UPDATE ';
  $query .= "$table ";
  $query .= 'SET ';
  $query .= 'password = :password ';
  $query .= 'WHERE id = :id ';
  //prepare statement
  $stmt = $db->prepare($query);
  //clean data
  $params['password'] = htmlspecialchars(strip_tags($params['password']));
  $params['id'] = htmlspecialchars(strip_tags($params['id']));
  //binding of parameters
  $stmt->bindParam(':password', $params['password']);
  $stmt->bindParam(':id', $params['id']);
  //execute the query
  if ($stmt->execute()) {
    return true;
  }

  //print error if something goes wrong
  printf("Error smtm %s. \n", $stmt->error);
  return false;
}

//soft delete user
function soft_delete($db, $table, $param) {
  $query = '';
  //soft delete query
  $query .= 'UPDATE ';
  $query .= "{$table} ";
  $query .= 'SET ';
  $query .= 'softDelete = :softDelete ';
  $query .= 'WHERE id = :id ';
  //prepare statement
  $stmt = $db->prepare($query);
  //clean data
  $param['id'] = htmlspecialchars(strip_tags($param['id']));
  $param['softDelete'] = htmlspecialchars(strip_tags($param['softDelete']));
  //binding of parameters
  $stmt->bindParam(':id', $param['id']);
  $stmt->bindParam(':softDelete', $param['softDelete']);
  //execute the query
  if ($stmt->execute()) {
    return true;
  }

  //print error if something goes wrong
  printf("Error smtm %s. \n", $stmt->error);
  return false;
}

?>